NetBSD Bugs in Kernel, Networking, and Application Code May Let Local Users Deny Service or Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1015132 |
|
SecurityTracker URL: http://securitytracker.com/id/1015132
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 1 2005
|
Impact:
Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.0.3
|
Description:
Some vulnerabilities were reported in NetBSD. A local user may be able to deny service or potentially obtain elevated privileges.
The IPsec-AH calculation is always based on the same key in AES-XCBC-MAC.
A user may be able to specify negative offsets when reading the message buffer to read arbitrary kernel memory.
The imake(1) function uses unsafe temporary files, which may allow a local user to gain elevated privileges.
A bug exists in the sh(1) command, affecting big endian systems. A buffer underflow may occur when evaluating output from a back tick substitution, causing the system to crash.
Several other kernel and networking bugs exist that may allow a local user to deny service. A remote user may be able to deny service in certain cases.
|
Impact:
A local user may be able to cause the system to crash.
A local user may be able to obtain elevated privileges.
In some cases, a remote user may be able to cause denial of service conditions.
|
Solution:
The vendor has issued a fixed version (2.0.3), available as a source only update.
The list of download sites is available at at:
http://www.NetBSD.org/mirrors/
|
Vendor URL: www.netbsd.org/ (Links to External Site)
|
Cause:
Access control error, Boundary error, Exception handling error, Input validation error, Randomization error
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
